Cyber hacker ring found breaking into emails to gain market edge


A new brand of cyber criminals has started stealing email communications in order to gain an upper hand on the market, Silicon Valley security company FireEye said on Monday. The firm has uncovered a cyber espionage ring aimed at gaming the stock market.

FireEye identified the team on Monday as a collective of
native English-speaking operators focused on using their
hacking skills to gain a market edge, predominantly in the
pharmaceutical and healthcare sectors, where any details of
regulatory decisions, clinical trials, or legal issues could
potentially influence market prices.

The group has launched attacks on the email accounts of at least
100 firms. FireEye Threat Intelligence Manager Jen Weedon told
Reuters that the group, which FireEye dubbed FIN4, specifically
targeted individuals who likely had access to insider
data. Among these were executives, legal counsel, outside
consultants, and researchers.

Investment bankers and attorneys were also targeted. The
company would not release specific details of the victims,
stating only that three of the affected organizations are publicly
listed on the New York Stock Exchange. It did, however, offer
some speculation as to the identity of the attackers.

“We suspect they are Americans, given their Wall Street
inside knowledge,” Weedon said, recognizing that they knew
the 'language' and likely knew their targets. “They seem to
have worked on Wall Street.”

“In order to get useful inside information, FIN4 compromises
the e-mail accounts of individuals who regularly communicate
about market-moving, non-public matters,” the report said.

However, beyond recognizing the hackers as native English
speakers, likely of North American or Western European
background, FireEye was unable to determine their identities
because of their use of the Tor (The Onion Router) network.

“They are native English speakers who can inject themselves
seamlessly into email threads,” Weedon said, adding that
“if it’s not an American, it is someone who has been involved
in the investment banking community and knows its colloquialisms
really well.”

However, the hackers did not use malware to attempt further
incursions into organizations’ networks. It was a
simple case of reading emails, while deleting any notifications
that would alert the owners that their accounts had been infiltrated.

“Given the types of people they are targeting, they don’t
need to go into the environment; the senior roles they target
have enough juicy information in their inbox,” said Weedon.